Social Security Admin eases phone ID verification rules, but confusion persists

Through this past spring and summer, the Social Security Administration’s (SSA) rules for changing direct deposit information by phone have shifted so many times that even its own staff and regulatory filings seem out of sync.

What began in March as a plan to eliminate phone-based changes for doing things like changing direct deposit information has turned into a back-and-forth over the Security Authentication PIN (SAP) identity-verification process that was designed to curb fraud, but which has become a flashpoint over access to benefits.

SAP emerged from growing concern within SSA about schemes in which fraudsters diverted benefit payments by changing banking information without authorization. In April, under a six-month emergency approval from the Office of Management and Budget (OMB), the agency launched the system as a hybrid identity-proofing measure.

The idea was to match the level of verification used for online and in-person transactions, which SSA considers essential for what it deems a “higher risk” task. To use the system, a beneficiary must first have a my Social Security account, created through Login.gov or ID.me, and complete multifactor authentication that includes uploading a photo ID and taking a selfie.

Once inside the account, the beneficiary generates an eight-digit PIN, valid for three hours, and either gives it to an SSA representative over the phone or enters it into the agency’s automated system to proceed with the transaction.

The details and rationale for this process were spelled out in a July 21 Federal Register notice. That filing served two purposes. First, it explained the operational steps and limited exceptions associated with the SAP, and second, it sought long-term OMB clearance to keep the process in place beyond its emergency authorization.

SSA argued that the PIN closes a gap left by knowledge-based verification questions, which it considers too easily compromised, and provides parity with the security measures required in other channels. The filing also acknowledged that without a PIN, most callers would need to visit a field office or use the online portal to make changes, and that even exceptions for those with severe hardships still required a SSA representative’s review and approval.

In parallel with the regulatory process, public criticism of SAP grew quickly. Advocacy groups, including the American Association of Retired Persons, warned that requiring online account creation and photo ID verification could exclude people with limited Internet access, mobility issues, or those living far from SSA field offices.

This pushback intensified when SSA indicated it would expand the heightened verification to four additional phone-based services, estimating that such a move could drive millions more in-person visits to already strained offices.

Then, in a July 31 regulatory update, according to Nextgov/FCW, SSA said the SAP would be optional rather than mandatory, and that beneficiaries would not be required to visit a field office if the PIN failed. It also abandoned its plan to extend the process to other phone-based services, citing public concern and the potential for office backlogs.

However, internal SSA policy documents tell a different story, Nextgov/FCW also reported. As of mid-June, and still in effect after the July 31 regulatory update, SSA staff were directed to require the PIN for any phone-based direct deposit changes, with only narrowly defined exceptions. Those unable or unwilling to generate the PIN – which requires creating the online account – were told to complete the transaction in person.

While the July 31 regulatory filing authorized the use of knowledge-based verification as a fallback, the internal policy does not reference this option for direct deposit actions. This disconnect has fueled frustration among employees who say the shifting and conflicting guidance has left them unable to give clear answers to beneficiaries.

Jessica LaPointe, president of the American Federation of Government Employees Council 220 which represents SSA field office staff, described the situation as “reckless chaos” that harms both workers and the vulnerable Americans they serve. “They change their mind daily.”

For beneficiaries, the practical reality is uneven. Those with a my Social Security account can generate a PIN and make the change over the phone or online. Those without one must either navigate the account creation process – which involves its own identity verification hurdles – or appear at a field office, unless they qualify for the rare “dire need” exception outlined in the July 21 filing.

Some banks can initiate direct deposit changes directly with SSA, bypassing the agency’s phone line entirely, but this option is not universally available.

SSA defends the SAP as a faster and more secure option, claiming it can reduce call time by about three minutes and significantly lower fraud risk. Yet, the agency’s own data shows that actual cases of fraudulent phone-based direct deposit changes are relatively rare. Between late March and late April, SSA flagged more than 20,000 suspicious calls, and most of those flagged never called back, suggesting they were deterred or abandoned the process.

The stakes are high, not least because SSA is phasing out paper checks entirely by September 30, leaving direct deposit and the Direct Express debit card as the only options for receiving benefits. Any barriers to updating bank information could have immediate consequences for beneficiaries’ access to their funds.

The juxtaposition of the July 21 Federal Register filing, which lays out a detailed and mandatory PIN system, with the July 31 announcement that the PIN is optional, underscores the policy whiplash of the past several months.

Publicly, SSA says it is balancing security with accessibility. Internally, it continues to instruct staff to enforce a process that is, at best, only partially aligned with that message. Until these two realities converge, the direct deposit debate will remain a symbol of the agency’s broader struggle to reconcile fraud prevention with the need to keep benefits within reach of the people who depend on them.

Meanwhile, SSA Commissioner Frank Bisignano this week sent a sharply partisan letter to Sen. Elizabeth Warren dismissing her concerns about the agency’s customer service crisis. The letter, officials said, misrepresents both the source of current problems and the origin of recent improvements, with Bisignano at times blaming his predecessor for issues that didn’t exist and taking credit for Biden-era gains.

Warren had questioned a gap between SSA’s published average wait time of 18 minutes on its 1-800 number and a survey by her staff showing waits closer to two hours. Bisignano accused her of “discrediting” SSA’s career workforce and defended the agency’s methodology, claiming recent leadership and technology upgrades had driven “across-the-board” improvements. He said the average wait had dropped to 4.6 minutes in late July.

Current and former SSA officials said those figures are misleading because they exclude callback delays and reflect temporary staffing boosts from field office reassignments, not lasting technological fixes.

Article Topics

digital identity  |  fraud prevention  |  identity verification  |  remote identity proofing  |  selfie biometrics  |  social security  |  Social Security Administration (SSA)  |  U.S. Government